In June, it was revealed that uTorrent’s forums had been hacked, putting at risk the personal details of hundreds of thousands of users. Now it being reported that the database has been put up for sale on a darknet marketplace. The package is said to contain almost 395,000 accounts but data is cheap. The asking price? Just one bitcoin.
With more than 150 million users a month, uTorrent is by far the most popular torrent client in the West.
This popularity and the need for technical support means that parent company BitTorrent Inc. needs to maintain a community forum. With tens of thousands of visitors each day, it too is quite popular. However, it recently came to light that information the site held on its users was no longer secure.
In June, the uTorrent team issued a security alert which advised users to change their passwords. According to one of uTorrent’s vendors, a compromise of uTorrent’s database had occurred following a security issue elsewhere.
“The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users,” uTorrent said at the time.
Since then things have gone pretty quiet but according to information just published, the problems might be about to get worse.
According to Hackread, the uTorrent database obtained during the breach has now gone up for sale on a darknet marketplace. Offered for sale by a user called “DoubleFlag”, it is said to contain emails and passwords from the forum.
“Out of a total of 394,769 accounts, some passwords are encrypted with Secure Hash Algorithm 1 (SHA-1) and some with the weak MD5 hashes,” the publication reports.
As can be seen from the screenshot above, the asking price is pretty low considering the number of accounts involved. The seller is asking just BTC 0.9580 ($602) for the data, which may (or may not) be an indication of its usefulness.
Another interesting detail coming out of this offer of sale is the claim from DoubleFlag that the data was obtained from uTorrent back in January. That’s a full six months in advance of the security alert from uTorrent.
The same January date is claimed by Haveibeenpwned.com, but that site states that ‘just’ 34,235 accounts have been compromised.